Privacy. It's such a simple concept, so why does it have to be so complex in reality?
I reckon most of us have pretty simple expectations about how organisations use information that could affect our privacy. They should be upfront about what information they're collecting and how they'll use it, and they shouldn't use it unfairly.
Unfortunately, that's not what the law requires. Under the Privacy Act, businesses have a lot of latitude to decide what information they collect and how they use it. Unless it is 'sensitive' information – such as information about your health– they don't need you to ask for your agreement. In most cases, they can decide their own rules through what they put in their privacy policy.
I don't know if you have ever bothered to read the privacy policy of a large business, but they're often encyclopaedic in scale. A few years ago, we hired an actor to read the privacy policy for Amazon Kindle. Coming in at over 73,000 words at the time, it took our professional script reader almost nine hours to get through the whole thing.
Our objective was to point out how absurd it is to allow a business to cover its back in this way – if a business's terms and conditions are so complicated that you couldn't expect an average person to digest them, the business should not be able to rely upon them.
If a business's terms and conditions are so complicated that you couldn't expect an average person to digest them, the business should not be able to rely upon them
One way to fix this would be to have much clearer rules in the Privacy Act about what can be collected and how it can be used. If the law was stronger, privacy policies would play a much smaller role.
But even if we fixed that problem, our privacy laws would still be riddled with loopholes that allow some businesses to evade them.
Most businesses with turnover under $3 million per annum, for example, are exempt from the Privacy Act, meaning they can collect whatever they want, with few consequences if something goes wrong. Small businesses such as real estate agents hold a lot of information that could cause embarrassment or harm if disclosed. It's time to think about whether that's still appropriate.
With a review of privacy legislation underway, the government has an opportunity to design the kinds of laws we need to protect us in a world where large amounts of information are being collected about us everyday, often without us even knowing.
Now more than ever, we need strong, simple laws that capture all businesses, regardless of size, and that ensure the amount of personal information businesses collect is kept to a minimum and can only be used in ways that genuinely help us.
Stock images: Getty, unless otherwise stated.
